Niels Provos

San Mai Knife

nospam@example.com (Niels Provos) — Thu, 15 Oct 2009 14:48:38 -0700

A while ago, I forged a San Mai billet with the hope to turn it into a tanto. Unfortunately, the forge I was using had a very oxygen rich atmosphere and the welds did not take very well. Over the last couple of days, I spent some time grinding and heat treating the remaining steel into a knife for practice purposes. The cable structure of the knife came out very nicely with repeated applications of lemon juice and metal polish to remove the oxides left by the lemon juice etch.

I also figured out how to take decent pictures of the steel. The trick was to use direct light rather than diffused light that shines directly on the blade, and then have black surfaces inside the light box. The angle of the knife needs to be so that the black is reflected do the camera. Although, this is a failed knife due to all the welding flaws, it still was an interesting experiment.

Forging a Wakizashi

nospam@example.com (Niels Provos) — Mon, 14 Sep 2009 11:43:26 -0700

I just finished taking the 5-day basic forging class taught by Michael Bell at Dragonfly Forge. The wakizashi in the picture is the result of it. The blade is about 18in long and was forged from forge-welded cable. The forge welding of the cable conducted by Michael and his son Gabriel took the better half of the first day. Afterward, the steel was forged into a sunobe which has the basic taper for the tang and point of the sword. We then forged in the ji and the shinogi ji. The remainder of the time was spent grinding in preparation for heat treatment. Before the clay was applied, we draw filed the blade so that all file marks were parallel with the edge rather than the perpendicular marks left by the belt grinder. Applying the clay was a three step process; a light coating of the whole blade, applying the ashi lines, and then coating everything that should remain soft. You can see the ashi and where the clay was applied on the middle picture. After heat treating, the blade took on a nice curve and it was back to the grinder. During the last day there was a little bit of time to polish on stones which showed hints of some very wild hamon as well as some mune yaki. The whole class was a great experience.

LEET '10 Call for Papers

nospam@example.com (Niels Provos) — Sat, 29 Aug 2009 12:35:46 -0700

The call for papers for the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '10) Botnets, Spyware, Worms, and More just went out. It will be held on April 27, 2010 in San Jose, CA.

LEET '10 will be co-located with the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI '10), which will take place April 28–30, 2010.

Important Dates

Submissions due: Thursday, February 25, 2010, 11:59 p.m. PST
Notification of acceptance: Wednesday, March 24, 2010
Final papers due: Monday, April 5, 2010

Workshop Organizers
Program Chair

Michael Bailey, University of Michigan

Program Committee

Dan Boneh, Stanford University
Nick Feamster, Georgia Institute of Technology
Jaeyeon Jung, Intel Labs, Seattle
Christian Kreibich, International Computer Science Institute
Patrick McDaniel, Pennsylvania State University
Fabian Monrose, University of North Carolina, Chapel Hill
Jose Nazario, Arbor Networks, Inc.
Stefan Savage, University of California, San Diego
Matt Williamson, AVG Technologies
Yinglian Xie, Microsoft Research
Vinod Yegneswaran, SRI International

Go submit your work!

Ask Google's Anti-Malware Team

nospam@example.com (Niels Provos) — Sun, 16 Aug 2009 16:42:12 -0700

Google's Anti-Malware team has prepared a moderator page where web masters and users can ask questions and vote which questions they would like to see answered. The voting period ends on Friday, August 28th at which point the Anti-Malware team will prepare answers for some of the top-rated questions.

New Libevent Releases

nospam@example.com (Niels Provos) — Tue, 28 Jul 2009 21:17:43 -0700

Nick just announced two new libevent releases. Here is his summary.

Libevent 1.4.12-stable:
You can find the source in the usual place:

http://monkey.org/~provos/libevent-1.4.12-stable.tar.gz

This is a bugfix-only release, and some of the bugs were kind of nasty. I'd recommend that you upgrade, especially if you are writing code that uses epoll or evdns.

Changes in 1.4.12-stable:

Try to contain degree of failure when running on a win32 version so heavily firewalled that we can't fake a socketpair.
Fix an obscure timing-dependent, allocator-dependent crash in the evdns code.
Use _VA_ARGS_ syntax for varargs macros in event_rpcgen when compiler is not GCC.
Activate fd events in a pseudorandom order with O(N) backends, so that we don't systematically favor low fds (select) or earlier-added fds (poll, win32).
Fix another pair of fencepost bugs in epoll.c. [Patch from Adam Langley.]
Do not break evdns connections to nameservers when our IP changes.
Set truncated flag correctly in evdns server replies.
Disable strict aliasing with GCC: our code is not compliant with it.

Libevent-2.0.2-alpha:
The first alpha release in the long-promised Libevent 2.0 series is finally out. You can download Libevent 2.0.2-alpha from:

http://monkey.org/~provos/libevent-2.0.2-alpha.tar.gz

This is an alpha release. Libevent 2.0 is not finished. There will be bugs, and we make no promises about the stability of any APIs introduced in the 2.0.x-alpha releases. When you find bugs, please let us know.

Libevent 2.0 is intended to be backward compatible with the Libevent 1.4 APIs[*]. Any program that worked with Libevent 1.4 should still work with Libevent 2.0, unless we screwed up. Please test your programs when you have a chance, so that if we did screw up, we can notice soon.
[*] Unless you were messing around with the internals of internal structures.

This release adds many new features to the previous alpha release, and fixes many bugs. See the ChangeLog for full details. Highlights include:

evdns is now threadsafe, with locking support
There's an evconnlistener type that you can use to abstract cross-platform differences in accepting connections.
The evbuffer interface (and therefore bufferevents) now supports zero-copy much better.
About a zillion fixes for tricky bugs in the new Libevent 2.0.1-alpha code.

Special thanks to everybody who helped find bugs and improve the code, especially James Mansion, Zack Weinberg, and Joachim Bauch.

Aikido in Hamburg

nospam@example.com (Niels Provos) — Thu, 16 Jul 2009 02:53:43 -0700

Yesterday, I managed to practice Aikido in Hamburg for the first time in almost twelve years. The dojo at Charlottenstraße was beautiful with windows to the outside and plenty of light. The training was interesting and very enjoyable. I even managed to practice with a few folks from university times. Next week, it's back to the US and Aikido practice in Mountain View.

DirectShow Vulnerability Exploited Everywhere

nospam@example.com (Niels Provos) — Sat, 11 Jul 2009 09:38:16 -0700

The DirectShow vulnerabilities are being exploited all over the place now. Unfortunately, the second vulnerability in DirectShow is still unpatched and exploit sites seem to be jumping on this. There is even some evidence that it's possible to successfully exploit the vulnerability without even using JavaScript. New exploit domains are popping after every day. DirectShow now seems to be what Flash and PDF were earlier in the year.

Finn (1999 - 2009)

nospam@example.com (Niels Provos) — Sat, 04 Jul 2009 20:04:44 -0700

Testing the Zowada Forced-Air Manifold

nospam@example.com (Niels Provos) — Fri, 03 Jul 2009 21:21:48 -0700

I had time to forge down the 2in pipe for the nozzle today which completed everything needed for the burner. Here is a video of the first test run. Propane and air can be mixed separately via the gate valves which should allow precise control over the atmosphere in the forge.

The Village Blacksmith

nospam@example.com (Niels Provos) — Thu, 02 Jul 2009 13:49:12 -0700

The landlord visited today while I was working on some bolt jaw tongs. When he saw me blacksmithing, he told me that he used to turn the crank blower for a blacksmith when he was a boy and recited the following poem:

Under a spreading chestnut tree
The village smithy stands;
The smith, a mighty man is he,
With large and sinewy hands;
And the muscles of his brawny arms
Are strong as iron bands.

His hair is crisp, and black, and long,
His face is like the tan;
His brow is wet with honest sweat,
He earns whate'er he can,
And looks the whole world in the face,
For he owes not any man.

Continue reading "The Village Blacksmith"

Cybercrime 2.0: When the Cloud Turns Dark

nospam@example.com (Niels Provos) — Wed, 01 Jul 2009 08:19:59 -0700

We recently published an article on web-based malware in ACM's Queue Magazine. It provides a short overview of some of the challenges with detecting malicious web sites such as social engineering and examples of techniques for compromising web sites, e.g. htaccess redirection on Apache, etc. This is the article on which my recent ISSNet talk was based.

Making A Monkey Tool

nospam@example.com (Niels Provos) — Sat, 27 Jun 2009 14:23:45 -0700

I learned how to make a monkey tool today. Monkey tools can be used for dressing tenons. The basic procedure is as follows.
Take 1in square stock and chamfer the edges. Take a slot punch and move it about an 1in from the corner - this is the hammer end. Line the slot punch up very carefully, so that its straight and divides the stock in the middle. Hit it a couple times to get a registration. Now, get the stock nice and hot, align the slot punch with the registration, hit it hard three times, cool the slot punch in water, rotate it by 180 degrees and repeat. At some point, the slot punch is almost through, flip the stock over and use the slot punch to punch out the remaining piece of metal. Now, use a drift to open up the hole to the desired size. Start the drift from the other side of the slot. Doing this over the hardy hole is a good idea. With the slot still inserted, dress up the faces. Then chamfer the corners. Cut off the other side for the length of the tenon and drill a hole of the right size.
That's it. Out of the four holes I drifted only two came out sort of in the middle

Building a forge

nospam@example.com (Niels Provos) — Mon, 22 Jun 2009 23:45:42 -0700

To get better control over the atmosphere in the forge, I have decided to build a blown gas forge based on a design by Tim Zowada. The basic structure is provided by a 10 gallon compressed air tank I picked up from Lowes. Using Tim's forced-air manifold, the forge should easily get up to welding temperature (2300F).

Jon who runs the TemperChi Glass Art Studio is helping with building this thing and already has some cerawool for lining the inside. The Cerawool is going to get covered with a 1/4in layer of Satanite and then with an ITC-100 coating. The forge floor will be made from Bubble Alumina refractory which has a heat rating of up 3300F and is supposed to be very resistant to flux. The inside diameter of the forge will be 8 inches and the length about 12 inches.

If you are interested in making glass beads, you can learn that at the shop, too, as well as welding

Top 10 Malware Sites

nospam@example.com (Niels Provos) — Sat, 06 Jun 2009 10:03:02 -0700

A list of the top-10 malware sites found by Google's infrastructure over the last two months is available at the Google Online Security Blog. Gumblar and Martuz are among them as well as googleanalytlcs.net. There certainly have been lots of compromised web servers recently.

LEET'09: Large Scale Exploits and Emergent Threats

nospam@example.com (Niels Provos) — Tue, 14 Apr 2009 17:25:08 -0700

The 2nd USENIX LEET workshop is going to take place on April 21st in Boston next week. The workshop program looks really interesting. There are a number of really interesting talks; here are just a few:

Spamcraft: An Inside Look At Spam Campaign Orchestration
A Foray into Conficker's Logic and Rendezvous Points
A View on Current Malware Behaviors

Last year's workshop was a blast and I expect that next week is going to be lots of fun, too. It is still possible to register on-site for the workshop.